How to do Penetration Testing

Crackers like to spend most of their time finding holes in computer systems where mostly bad coding are to blame in creating vulnerabilities. Crackers then like to take this knowledge and apply it to real world scenarios by attacking your network or Web Application, so in this situation you have to defend your self and protect your assets from these Crackers.

As we described late article there are a methodology for any tester who want to start it's own test. Methodology It has been observed that even hackers go about their attacks in a strategic manner. A methodology ensures that the process is a standard manner with documented and repeatable results for a given security posture. This helps testers plan their testing/attack strategy according to the input gained in the preceding phases of the testing process. A penetration test involves the systematic analysis of all the security measures in place. A full project should include some or all of the following areas:

How to do penetration testing

How to do Network penetration testing

Network security: Penetration testers should check for the following things to secure a network:

1. Network surveying.
2. Port scanning.
3. System identification.
4. Services identification.
5. Vulnerability research and verification.
6. Application testing and code review.
7. Router testing.
8. Firewall testing.
9. Intrusion-detection-system testing.
10. Trusted-systems testing.
11. Password cracking.
12. Denial-of-service testing.
13. Containment-measures testing.

Information penetration testing

Information security: Penetration testing to check the security of sensitive information of the organization includes the following activities:

1. Document grinding.
2. Competitive intelligence scouting.
3. Privacy review.

How to do Social engineering penetration testing

Social engineering: Security of the organization against social-engineering attacks may be ensured by:

1. Request testing.
2. Guided suggestion testing.
3. Trust testing.

How to do Wireless penetration testing

Wireless security: A penetration tester should perform the following tasks to check the security of wireless devices and networks:

1. Wireless-networks testing.
2. Cordless-communications testing.
3. Privacy review.
4. Infrared-systems testing.

Communications security

Communications security: The following penetration testing methods are used for communications security:

1. PBX testing.
2. Voice-mail testing.
3. Fax review.
4. Modem testing.

Physical security

Physical security: Security of the organization against physical attacks may be ensured by implementing the following procedures:

1. Access-controls testing.
2. Perimeter review.
3. Monitoring review.
4. Alarm-response testing.
5. Location review.
6. Environment review.

Author : Admin

Share this

Related Posts